svn commit: r276747 - head/sys/netpfil/pf

Adrian Chadd adrian at freebsd.org
Thu Jan 8 19:28:44 UTC 2015 

On 8 January 2015 at 00:13, Ermal Luçi <eri at freebsd.org> wrote:
>
>
> On Thu, Jan 8, 2015 at 1:21 AM, Bjoern A. Zeeb
> <bzeeb-lists at lists.zabbadoz.net> wrote:
>>
>>
>> > On 07 Jan 2015, at 20:46 , Gleb Smirnoff <glebius at freebsd.org> wrote:
>> >
>> > On Tue, Jan 06, 2015 at 09:03:04AM +0000, Craig Rodrigues wrote:
>> > C> Author: rodrigc
>> > C> Date: Tue Jan  6 09:03:03 2015
>> > C> New Revision: 276747
>> > C> URL: https://svnweb.freebsd.org/changeset/base/276747
>> > C>
>> > C> Log:
>> > C>   Instead of creating a purge thread for every vnet, create
>> > C>   a single purge thread and clean up all vnets from this thread.
>> > C>
>> > C>   PR:                     194515
>> > C>   Differential Revision:  D1315
>> > C>   Submitted by:           Nikos Vassiliadis <nvass at gmx.com>
>> >
>> > I am not sure that this is a good idea. The core idea of VNETs
>> > is that they are isolated from each other. If we serialize purging,
>> > then vnets are strongly affecting each other.
>> >
>> > AFAIU, from the PR there is some panic fixed. What is the actual bug
>> > and why couldn't it be fixed with having per-vnet thread?
>>
>> You don’t 30000 whatever pf purging threads on a system all running,
>> possibly competing for some resources, e.g., locks?
>
>
> You can tune your system to your load!
>
> I do not agree with this change as well but just saw it!
>
> I would have agreed with this if a thread per CPU is created and some
> improvements in the locking strategy is performed!
> This is a potential issue since on busy system this thread gets very
> resource consuming!

So the tricksy bit here is once you have things being called via a
taskqueue, they're effectively cooperative multitasking bits. A lot of
things I've found aren't .. really designed for this.

So I'm all for it, and I think it's a good idea in general, but then
the pieces need to be reviewed for their suitability for this and may
need some reworking so they don't hog CPU.

(Yes, it's like writing WIN16 or MACOS code, or maybe network drivers
in FreeBSD, but you get the idea.)




-adrian

More information about the svn-src-head mailing list